Generating the required AWS credentials - AWS Elastic Disaster Recovery

Generating the required AWS credentials

In order to install the AWS Replication Agent, you must first generate the required AWS credentials. You can either create temporary credentials with AWS STS (recommended) or create permanent credentials with an IAM User.


Temporary credentials have many advantages. You don't need to rotate them or revoke them when they're no longer needed, and they cannot be reused after they expire. You can specify for how long the credentials are valid, up to a maximum limit. Because they provide enhanced security, using temporary credentials is considered best practice and the recommended option.

Temporary credentials

To create temporary credentials, take the following steps:

  1. Create a new IAM Role with the AWSElasticDisasterRecoveryAgentInstallationPolicy policy.

  2. Request temporary security credentials via AWS STS using the AssumeRole API.

Permanent credentials

To create permanent credentials, you will need to create at least one AWS Identity and Access Management (IAM) user, and assign the proper permission policy to this user. You will obtain an Access key ID and Secret access key, which you will need to enter into the Agent installation prompt in order to begin the installation.


You can use the same credentials to install multiple Agents.

  1. Open the AWS Management Console and look for IAM under Find Services.

  2. From the IAM main page, choose Users from the left-hand navigation menu.

  3. You can either select an existing user or add a new user. To add a new user, click Add user.

  4. Give the user a User name and select the Programmatic access access type. Click Next: Permissions.

  5. Choose the Attach existing policies directly option. Search for AWSElasticDisasterRecoveryAgentInstallationPolicy. Select the policy and click Next: Tags.

  6. If you want, add tags according to your preferences. Click Next: Review.

  7. Review the information. Ensure that the Programmatic access type is selected and that the correct policy is attached to the user. Click Create user.

  8. A confirmation message will appear and you will see the Access key ID and Secret access key that you need in order to install the AWS Replication Agent on your source servers.

    To save this information as .csv file, click Download .csv.

    You can also access this information and rotate your security credentials by navigating to IAM > Users > Your user in the AWS Console.